Brazil to bolster data protection with GDPR-inspired legal overhaul

Brazil president, Michel Temer is to create an agency designed to galvanise the data security of Brazilians using the internet.

The new body, to be named the National Data Protection Authority (NDPA) will oversee the passing of a law “related to the treatment and protection of personal data online that was passed in August”, Reuters reports.

The executive order arrives just one day after the South American nation’s new President-elect, Jair Bolsonaro described his administration’s aim to scrutinise measures outlined by the current President over the last two months.

The NDPA will collaborate with other government agencies to reduce the number of data breaches under Brazil’s data protection legislation.

In August 2018, Brazil approved a new data protection law, LGPD (Lei Geral de Proteção de Dados), which is heavily based on the EU’s General Data Protection Regulation that came into being on May 25th of last year.

Companies have until 16th August 2020 to fall into compliance with the LGPD, a stipulation which touches all Brazilian organisations as well as foreign entities doing business in the country.

Similar in nature to its European counterpart, the LGPD’s new legal framework will revolutionise how personal data is handled and understood in Brazil, both on and offline and across all industries.

The laws will aim to bolster data subject rights and forge economic, technical and innovation development through more transparent data use. Legitimate interests, consent-based-processing and rights to data access, exclusion and explanation will all be prominent themes within the legislation’s principles.

When finalised, the NDPA will work in the same way as other watchdogs, and may put together guidelines for the promotion of private personal data for citizens in Brazil. The impact of the LGPD is expected to be far-reaching, as it will oblige companies from all sectors to adapt to a new climate of appropriate data use – a concept that is believed to be in its infancy in the South American state.


European Data Protection Summit will take place on June 3rd in Central London and will play host to 800 DPO’s, Security Professionals and senior business decision makers looking for; information, updates, clarity, advice and solutions. For more information, visit the website.